sybperl-l Archive
From: "Avis, Ed" <avised at kbcfp dot com>
Subject: DBD::Sybase patch: look after password more carefully
Date: Oct 20 2003 11:39AM

Currently DBD::Sybase needs to prompt for a password to use in
the test suite. But it echoes the password to the terminal
(both when entering it and again if you reconfigure) and writes
it in a file PWD which might be readable by others (depending on
umask). Also PWD is not removed by 'make clean'.

This patch improves things by making the current example PWD file
be called PWD.factory, so that 'make clean' can remove the real
PWD containing the user's password. When prompting for a
password it is not echoed. PWD is created unreadable by others.
If PWD exists it is read for defaults on later configuration
(apart from password - that is never printed to the screen, so
there is no default answer), otherwise PWD.factory is read.

diff -rwu DBD-Sybase-1.01/MANIFEST DBD-Sybase-1.01-new/MANIFEST
--- DBD-Sybase-1.01/MANIFEST 2003-09-08 21:50:53.000000000 +0100
+++ DBD-Sybase-1.01-new/MANIFEST 2003-10-20 12:18:10.000000000
+0100
@@ -5,7 +5,7 @@
README
README.vms
README.freetds
-PWD
+PWD.factory
Sybase.h
Sybase.pm
Sybase.xs
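Review bot: The MANIFEST entry changes from PWD to PWD.factory, but the rename of the file itself has to travel with the patch. A diff made with -rwu and without -N reports added or removed files only as "Only in ..." lines, which patch cannot apply, so whoever applies this needs to rename PWD to PWD.factory by hand. Otherwise the PWD.factory listed here will not exist in the tree, and 'make clean' will delete the shipped example PWD.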
diff -rwu DBD-Sybase-1.01/Makefile.PL DBD-Sybase-1.01-new/Makefile.PL
--- DBD-Sybase-1.01/Makefile.PL 2003-09-08 22:30:22.000000000 +0100
+++ DBD-Sybase-1.01-new/Makefile.PL 2003-10-20 12:23:05.000000000
+0100
@@ -22,6 +22,7 @@
configure();
+my $written_pwd_file = 'PWD';
configPwd();
my $lddlflags = $Config{lddlflags};
@@ -33,7 +34,8 @@
WriteMakefile('NAME' => 'DBD::Sybase',
LIBS => [$lib_string],
INC => $inc_string,
- clean => { FILES=> 'Sybase.xsi' },
+ clean => { FILES =>
+ "Sybase.xsi $written_pwd_file" },
OBJECT => '$(O_FILES)',
'VERSION_FROM' => 'Sybase.pm',
'LDDLFLAGS' => $lddlflags,
@@ -222,8 +224,15 @@
}
sub configPwd {
- open(IN, "PWD") || die "Can't open PWD: $!";
my %pwd;
+ my $pwd_file;
+ my @poss = ($written_pwd_file, 'PWD.factory');
+ foreach (@poss) {
+ $pwd_file = $_, last if -e;
+ }
+ die "could not find any of: @poss\n" if not defined $pwd_file;
+
+ open(IN, $pwd_file) || die "Can't open $pwd_file: $!";
while() {
chomp;
next if(/^\s*\#/);
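Review bot: The open(IN, $pwd_file) call in configPwd uses the two-argument form, so the mode is inferred from the string. With the two fixed names in @poss that is harmless today, but open(IN, '<', $pwd_file) keeps the mode explicit if the candidate list ever becomes configurable. The loop also tests only -e: now that PWD is created unreadable by others, a PWD left behind by a different user exists but cannot be opened, and configPwd dies instead of falling back to PWD.factory. Testing -r would avoid that.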
@@ -240,12 +249,30 @@
$pwd{SRV} = getAns() || $pwd{SRV};
print "User ID to log in to Sybase (default: $pwd{UID}): ";
$pwd{UID} = getAns() || $pwd{UID};
- print "Password (default: $pwd{PWD}): ";
- $pwd{PWD} = getAns() || $pwd{PWD};
+
+ print "Password: ";
+ if (-t) {
+ # Stop the password being echoed.
+ require Term::ReadKey;
+ Term::ReadKey::ReadMode('noecho');
+ }
+ $pwd{PWD} = getAns();
+ if (-t) {
+ print "\n";
+ Term::ReadKey::ReadMode('restore');
+ }
+
print "Sybase database to use on $pwd{SRV} (default: $pwd{DB}): ";
$pwd{DB} = getAns() || $pwd{DB};
- open(OUT, ">PWD") || die "Can't open PWD: $!";
+ warn "\n* Writing login information, including password, to file
$written_pwd_file.\n\n";
+
+ # Create the file non-readable by anyone else.
+ my $old_umask = umask(077);
+ die "cannot umask(): $!" if not defined $old_umask;
+ open(OUT, ">$written_pwd_file") || die "Can't open
$written_pwd_file: $!";
+ umask($old_umask) != 077 && die "strange return from umask()";
+
print OUT <
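Review bot: The umask(077) before open(OUT, ">$written_pwd_file") only takes effect when the file is created. A PWD left over from an earlier configuration with wider permissions is truncated and rewritten with its old mode, so the new password can still end up readable by others. Unlink the file first, or chmod it to 0600 right after opening and before the password is written. Separately, the require Term::ReadKey inside the -t branch makes that module a hard requirement at configure time: without it Makefile.PL dies at the password prompt. Either declare it as a prerequisite or wrap the require in eval and warn before falling back to an echoed prompt. An interrupt between ReadMode('noecho') and ReadMode('restore') also leaves the terminal with echo off; an END block that restores the mode would cover that.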